Description

The Randomizer module assists researchers and students who want an easy way to perform random sampling or assign participants to experimental conditions. It accepts form input as parameters for generating a pseudo-random list of numbers. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting (XSS) vulnerability.

Versions affected

Randomizer module 5.x-1.0 and prior versions

Randomizer module 6.x-1.0 and prior versions

Drupal core is not affected. If you do not use the contributed Randomizer module, there is nothing you need to do.

Solution

The Randomizer module is not maintained and there is no direct solution. Disable the module.